Problems with specific certificate/key (Debian Bug #426013)

Mark Adams mark at
Wed Feb 27 18:49:40 CET 2008

On Jan 3, 2008 2:36 AM, Marc Haber <mh+gnutls-devel at> wrote:

> Hi,
> Simon writes:
> > Appears to be an unreprodicible problem with a specific
> > certificate/key which the user cannot reveal. Another
> > certificate/key
> > from the same CA works fine. Theory: could it be CRLF problems?
> > Other
> > non-ASCII characters in the file? Nothing indicates a real GnuTLS
> > problem here.
> > Conclusion: Likely not a GnuTLS problem.
> I think that this conclusion was built too fast, but we do not have
> sufficient information to know this.
> The original reporter has said in the mean time that there are no
> non-ascii chars in the file and that there are no CRLF issues here.
> Currently, it is suspected that GnuTLS has issues with the fact that
> the certificate is a wildcard certificate.

>By reading this report, I'm really curious which gnutls version is used,
>whether the gnutls-serv and exim are linked on the same version of
>Does this occur if exim is linked on gnutls 2.2?

I'm using gnutls 2.0.4 at present (this is the current debian testing
version). Is it possibly a known issue with this version? I can not
install the new version at present, as this is a production server. I
will be able to test this if you think it will correct the issue.

For reference, gnutls-serv and gnutl-client work with this cert/key
pair. I can run the server fine using;

gnutls-serv --debug 5 --x509keyfile myhost_net.key --x509certfile myhost_net.crt

And the client can connect using;

gnutls-cli -p 5556

however, when using certtool -i < my key file failes with the base 64
decoding error.

certtool: Import error: Base64 decoding error.


Thanks for your interest,


More information about the Gnutls-devel mailing list